From a security perspective, running a general-purpose operating system (or GPOS) on a computer, e.g., a personal computer (PC), can be considered a risk: flaws in the GPOS (or in applications running on top of it) can be exploited by malicious software to perform unwanted operations, such as stealing passwords (keylogging) or other information, e.g., corporate information (screen scraping).
The standard methods used to deal with this challenge include: the so-called “security software”; server-side virtualization solutions; client-side virtualization solutions; and software-trust chains or securely loaded (booted) operating system kernels. These methods have various drawbacks, mostly arising from possible flaws in the GPOS.
Another way to deal with the above challenge relies on the concept of a certified and fault-free GPOS. However, to the knowledge of the present inventors, no reliable implementation of such a system with all the functionality the market requires of a GPOS exists. Certain components of operating systems can be certified (to conform to certain security properties), yielding the concept of special-purpose, secure operating systems (or SPOS), e.g., for smart cards. The most significant drawback of this approach (beyond the impracticality of certifying hundreds of millions of lines of GPOS code) is that the basic concept of a GPOS (namely that it is general-purpose and can be easily extended) conflicts with the goal of proving and sealing the functional properties of a secure OS.
In this context, the present inventors have designed a secure solution to ascertain the integrity of the application software running on an operating system, including the assets that this software manages (e.g., secret corporate data).
Such a solution should notably benefit a “bring your own” (BYO) computing work environment. BYO generally relates to “bring your own device” (BYOD), “bring your own technology” (BYOT), or, closely related, “bring your own behavior” (BYOB). BYOD or BYOT concerns the corporate/business policy governing how employees may bring personal mobile devices to work and use them to access their employer's email, databases and files, while otherwise using the same devices at home, so that personal applications and data are accessed through the same devices. Beyond hardware, BYOB extends this to the software used on the device.
Furthermore, since any software executed on a computer may be attacked by viruses and other malicious software (or malware) present in the PC's operating system, a known solution is to restart the PC from an external boot medium, e.g., one stored on a user-trusted device, typically a secure device, and to start a new and, from a security perspective, clean operating system (OS) from that external medium. However, this approach raises additional issues, which embodiments of the present invention aim to resolve as well.
Finally, external boot media are often provided on trusted devices (including secure, tamper-proof devices), a type of device that is generally known. For example, for online transactions, a solution that has been developed is the so-called Zone Trusted Information Channel (or ZTIC for short); see, e.g., “The Zurich Trusted Information Channel—An Efficient Defence against Man-in-the-Middle and Malicious Software Attacks”, by Thomas Weigold, Thorsten Kramp, Reto Hermann, Frank Höring, Peter Buhler, Michael Baentsch. In P. Lipp, A.-R. Sadeghi, and K.-M. Koch (Eds.): TRUST 2008, LNCS 4968, pp. 75-91, 2008. Springer-Verlag Berlin Heidelberg 2008.